CN103003824A - Storage device and method for providing a partially-encrypted content file to a host device - Google Patents

Storage device and method for providing a partially-encrypted content file to a host device Download PDF

Info

Publication number
CN103003824A
CN103003824A CN2011800347153A CN201180034715A CN103003824A CN 103003824 A CN103003824 A CN 103003824A CN 2011800347153 A CN2011800347153 A CN 2011800347153A CN 201180034715 A CN201180034715 A CN 201180034715A CN 103003824 A CN103003824 A CN 103003824A
Authority
CN
China
Prior art keywords
content file
encryption
memory device
main process
process equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2011800347153A
Other languages
Chinese (zh)
Other versions
CN103003824B (en
Inventor
H·R·赫顿
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SanDisk Corp
SanDisk Technologies LLC
Original Assignee
SanDisk Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SanDisk Corp filed Critical SanDisk Corp
Publication of CN103003824A publication Critical patent/CN103003824A/en
Application granted granted Critical
Publication of CN103003824B publication Critical patent/CN103003824B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/85Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/234Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs
    • H04N21/2347Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs involving video stream encryption
    • H04N21/23476Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs involving video stream encryption by partially encrypting, e.g. encrypting the ending portion of a movie
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/101Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management

Abstract

A storage device and method for providing a partially-encrypted content file to a host device are provided. In one embodiment, the storage device retrieves a content file from memory in the storage device and partially-encrypts the content file by encrypting some portions of the content file. The storage device sends the partially-encrypted content file to a host device and informs the host device of which portions of the partially-encrypted content file are encrypted. In one embodiment, the remaining portions of the content file are in clear text form and do not need to be decrypted. Because the host device only needs to decrypt the portions of the content file that are encrypted - and not the entire content file - the host device can decrypt the partially-encrypted content file, even if it does not have the processing power to decrypt a fully-encrypted version. In another embodiment, at least some of the remaining portions of the content file are encrypted with at least one additional key.

Description

Memory device and the method for the content file of Partial encryption are provided to main process equipment
Background technology
Memory device such as secure digital (SD) card can be used for the content that storage is used for playback on main process equipment.For copy protection is provided, content can be stored in the memory device with the form of encrypting.In some environment, memory device is deciphered encrypted content and in plain text (in the clear) mode content flow is transferred to main process equipment and is used for simultaneously playback.In other environment, memory device sends to main process equipment with the content of encrypted form, and existing (render) content is deciphered and drilled to main process equipment in certain time in the future.A difficult problem that can run into when memory device sends to main process equipment with the content of encrypted form is not support to decipher and drill content, the especially video of the encryption of more existing types such as the processing power of some main process equipments of the mobile device of operation Java platform.As a result, these main process equipments can not be play the content that is stored on the memory device.
Summary of the invention
Embodiments of the invention are defined by claim, and any content in this part should not be taken as the restriction to those claims.
By introducing, embodiment described below relates generally to memory device and the method for the content file that Partial encryption is provided to main process equipment.In one embodiment, obtain (retrieve) content file in the storer of memory device from memory device, and pass through to encrypt some part of this content file to this content file Partial encryption.Memory device sends to main process equipment with the content file of this Partial encryption, and which part of the content file of this Partial encryption of notice main process equipment is encrypted.In one embodiment, the remainder of this content file is the plain text form and need not decrypted.So the content file that the main process equipment that---is not whole content file---because main process equipment only needs to decipher the part of encrypted content file can decryption portion be encrypted is not even it has the processing power of the fully encrypted version of deciphering.In another embodiment, at least some in the remainder of this content file are used to few other secret key encryption.This embodiment can be used for allowing being subjected to the limited playback of the content of digital copyright management (DRM) protection, can not use the part of an encryption key access content files but need to visit other parts from least one other key of DRM service because do not understand the main frame of DRM.
Provide other embodiment, and each embodiment can use separately or be used in combination.Referring now to accompanying drawing each embodiment is described.
Description of drawings
Fig. 1 is the main process equipment of an embodiment and the block diagram of memory device.
Fig. 2 is the process flow diagram of method of an embodiment that the content file of Partial encryption is provided to main process equipment.
How Fig. 3 illustrates the block diagram that communicates between the main process equipment of an embodiment and memory device.
Fig. 4 is the illustration that the example encryption pattern of an embodiment is shown.
Embodiment
Introduce
Following examples provide memory device and the method for the content file that Partial encryption is provided.Mention in the background technology part as above, although the content file of existing encryption can be deciphered and drill to some main process equipments, may not have deciphering and drill the processing power of content of the encryption of existing some types such as video such as other main process equipments of the mobile device of operation Java platform.Following examples provide this solution of problem scheme.Not to encrypt whole content file, the some parts of the memory device encrypted content file among these embodiment.Memory device sends to main process equipment with the content file of Partial encryption, and which part of the content file of this Partial encryption of notice main process equipment is encrypted.In one embodiment, the remainder of this content file is the form of plain text, and need not decrypted.So because main process equipment only needs to decipher the part of encrypted content file---rather than whole content file---have the main process equipment of limited processing power may be able to decipher its content file that can not decipher originally.This allows wider mobile handset (perhaps more than 50%) to access the copy-protected content that is stored on the memory device.In addition, though the part unencryption of the content file of Partial encryption therefore be transmitted and can be intercepted and captured by the hacker, but in the situation of the part of the encryption that does not have omission, these plain texts parts also will be useless.Thereby these embodiment still allow the safety of copy-protected content file to transmit.
In another embodiment, not to make all remainders of content file all be in the plain text form, with in the remainder of at least one other secret key encryption content file at least some.This embodiment can be used for allowing being subjected to the limited playback of the content of digital copyright management (DRM) protection, can not use the part of an encryption key access content files but need to visit other parts from least one other key of DRM service because do not understand the main frame of DRM.
Before the discussion that turns to the Partial encryption content file, below part discussion to main process equipment and the memory device of example is provided.
The main process equipment of example and memory device
Turn to now accompanying drawing, Fig. 1 is the block diagram of the main process equipment 50 of communicating by letter with memory device 100 of embodiment.As used herein, phrase " with ... communication " can mean directly with ... communication or by may this illustrate or describe or may be not this illustrate or one or more assemblies of describing indirectly with ... communication.Main process equipment 50 can be taked any suitable form, such as, but not limited to personal computer (PC), mobile phone, digital media player, game station, PDA(Personal Digital Assistant), information station (kiosk), set-top box, TV system, books reader or its combination in any.In this embodiment, memory device 100 is mass-memory units, it can take any suitable form, such as, but not limited to hand-held device, removable storage card, USB (universal serial bus) (USB) equipment, such as the removable or non-removable hard disk drive of solid-state drive and the storer (for example being embedded in the security module in the main process equipment 50) of embedding.
As shown in Figure 1, memory device 100 comprises controller 110 and storer 120.Controller 110 comprises for the memory interface 111 of storer 120 interfaces and be used for host interface 112 with main frame 50 interfaces.Controller 110 also comprises CPU (central processing unit) (CPU) 113, can operate to provide and encrypt and/or hardware cryptographic engine 114, the read access storer (RAM) 115 of decryption oprerations, can store for the ROM (read-only memory) (ROM) 116 of the firmware of the basic operation of memory device 100 and can store nonvolatile memory (NVM) 117 for the peculiar key of equipment of encryption/decryption.Can realize in any suitable manner controller 110.For example, controller 110 can be taked following form: the computer-readable medium of the computer readable program code (for example software or firmware) that microprocessor or processor and storage can be carried out by the microcontroller of for example (little) processor, logic gate, switch, special IC (ASIC), programmable logic controller (PLC) and embedding.The example of controller includes but not limited to following microcontroller: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320.
Storer 120 can be taked any suitable form.In one embodiment, storer 120 take the form of solid-state (for example quickflashing) storer and can be able to programme once, able to programme several times or repeatedly able to programme.Yet, can use the storer of other form, such as optical memory and magnetic store.In this embodiment, storer 120 comprises by the public partition 125 of the file system management on the main frame 50 with by the privately owned subregion 135 of controller 110 inner managements.Privately owned subregion 135 can memory storage devices 100 state 142(as will be described) and other data, include but not limited to contents encryption key (CEK) and firmware (FW) code.Public partition 125 and privately owned subregion 135 can be the parts of identical storage unit, maybe can be different storage unit.Preferably, memory device 200 is taked the TrustedFlash of SanDisk company TMThe form of memory device.
Turn to now main frame 50, main frame 50 comprises controller 160, controller 160 have for the storage device interface 161 of memory device 100 interfaces.Controller 160 also comprises CPU (central processing unit) (CPU) 163, can operate to provide cipher engine 164, read access storer (RAM) 165, ROM (read-only memory) (ROM) 166, security module 171 and the storer 172 of encryption and/or decryption oprerations.Memory device 100 and main frame 150 communicate with one another via storage device interface 161 and host interface 112.For the operation of the safe transmission that relates to data, preferably mutually authenticate each other and provide key change with the cipher engine 114,164 in memory device 100 and the main frame 150.After finishing mutual authentication, preferably set up the safe lane of communicating by letter between memory device 150 and main frame 100 with session key.Main frame 50 can comprise other assembly (such as display device, loudspeaker, earphone jack, video output connection etc.), and they do not have shown in Figure 1 to simplify accompanying drawing.
As mentioned above, main process equipment 50 and memory device 100 are configured to carry out mutual authentication each other.In one embodiment, authentication processing comprises three phases mutually: public key verifications stage, private key Qualify Phase and agreement of session key stage.During the public key verifications stage, each of main process equipment 50 and memory device 100 sends its certificate chain to the opposing party, thereby so that the opposing party can use root certificate authority (authority) PKI that is arranged in the root certificate to verify the authenticity of this certificate and this PKI.In the situation that relates to the middle certificate authority between root certificate authority and main process equipment 50 or the memory device 100, also use this centre certificate to be used for checking.
If the private key Qualify Phase is then carried out in the success of public key verifications stage.During the private key Qualify Phase, each of main process equipment 50 and memory device 100 produces random number and it sent to another equipment as inquiry (challenge).About memory device 100, the sign random number of main process equipment of the private key of memory device 100 usefulness main process equipments 50, and the random number that sends signature is as the response to this inquiry.The PKI of use main process equipment is deciphered this response and itself and this random number is compared.If response and the nonces match of deciphering, then query-response success.Identical processing occurs for main process equipment 50.
If the success of private key authentication phase is then carried out the agreement of session key stage.During the agreement of session key stage, use the public key encryption random number of main process equipment.Then, this random number is session key.Main process equipment 50 can be by obtaining this session key with the deciphering of its private key from the number of the encryption of memory device 100.Same processing occurs in main process equipment 50 sides.Utilize this session key, can initiate the secure communication between main process equipment 50 and the memory device 100.Should be noted that and to use other forms of authentication, be such as but not limited to the authentication of one-sided RSA and use shared secret.
The embodiment that relates to the Partial encryption content file
Mention in the background technology part as above, although the content file of existing encryption can be deciphered and drill to some main process equipments, may not have deciphering and drill the processing power of content of the encryption of existing some types such as video such as other main process equipments of the mobile device of operation Java platform.In order to overcome this problem, can in memory device 100, realize the method shown in flow process Figure 200 of Fig. 2.As shown in Figure 2, memory device 100 is obtained content file (action 210) from storer 120, and by the some parts of encrypting this content file this content file of Partial encryption (action 220).In this embodiment, make the remainder of this content file be in the plain text form.Then, memory device 100 sends to main process equipment 50(action 230 with the content file of Partial encryption).Before the content file of these Partial encryptions of main process equipment 50 transmission, afterwards or during certain time point, which part encrypted (action 240) of the content file of memory device 100 notice main process equipments 50 these Partial encryptions.Because main process equipment 50 only needs to decipher the part of encrypted content file---rather than whole content file, because the remainder of content file is in the plain text form among this embodiment---so main process equipment 50 may can be deciphered this content file, even it has limited processing power.(the maximum quantity of the part that the quantity of the part of encrypted content file preferably can operate to decipher less than main process equipment 50.) thereby, realize that the memory device such as storage payment card (SDC) of the method can allow wider mobile handset to access the content file of its storage.
Can realize these embodiment with any suitable technology.Technology is utilized the file system structure in file allocation table (FAT) file system.On the memory device that is operated under the FAT file system, be stored in the memory device content file as bunch group be managed, bunch be one group of sector wherein.Application on the main process equipment comes data in the reference paper by skew usually, and file system is translated as concrete addressable sector with this skew.By using the knowledge of FAT file system bunch size, the part that memory device can encipher only bunch and notice main process equipment about which sector of content file encrypted and which be plain text.In one embodiment, memory device 100 produce randomly the local refinement key and select randomly bunch in will encrypted sector (preferably be no more than to arrange with the main process equipment that allows to have finite computational abilities and can decrypt content files get maximum number).Maximum quantity can pre-determine, so that memory device 100 need not have the handling property of concrete main process equipment and the knowledge of restriction.Perhaps, memory device 100 can operate to choose the part of maximum quantity in real time (on the fly) encryption.For example, memory device 100 can describe based on the storage of main process equipment identifier table or some other data structures of the maximum quantity of the part that will encrypt in detail.After main process equipment (for example by checking) received the main process equipment identifier, memory device 100 can come the information of index stores to find the maximum quantity for the part that will encrypt of this concrete main process equipment with the main process equipment identifier that receives at memory device 100.
No matter the maximum quantity of encrypted part is predetermined or is determined by memory device 100, can be based on bunch being encrypted one by one, in order to encrypt different sectors in different bunches when data are sent to main process equipment 50.In addition, sector encrypted and that be sent in given bunch of main process equipment can change when being read for each bunch so that the hacker is difficult to more predict which sector in given bunch is encrypted.Therefore, encryption can be static (the identical sector when for example at every turn reading given bunch in this bunch is encrypted) or dynamic (for example read in given bunch the different sectors in this bunch encrypted) at every turn.In static state or dynamic encryption, be sent to after main process equipment 50(preferably breaks the wall of mistrust between memory device 100 and main process equipment 50 about the encrypted information of which bunch) encrypted so that main process equipment 50 is known for this concrete which bunch of session.Preferably, format memory device 100 with the tuftlet size (although can use other sizes) of 16K byte, and content preferably bunch beginning place begin.
In one embodiment, (when " image creation ") arranges the sector of wanting in encrypted bunch when making memory device.In this embodiment, at the time point of image creation, by this way in the identification image bunch: memory device 100 can to selected bunch of application at random or pseudorandom encrypt pattern.Can produce the message file that comprises reference identifier (ID), come the creating section to divide the random pattern of the content file of deciphering to produce randomly encryption key and to select to be used for to select by which sector of given bunch of the encryption keys that produces.This message file can comprise with each various encryption keys that are associated with reference to ID and encrypt the table of pattern, and each can be based on the session id of setting up between main process equipment 50 and memory device 100 during mutual authentication with reference to ID.Preferred this message file is stored in the privately owned subregion 136 of storer 120 in case stop-pass is crossed that the undelegated access of message file is distorted.As for the alternative of using message file, encrypt in the head that pattern and key can be stored in content file or some other positions.
Get back to accompanying drawing, Fig. 3 is illustrated in the block diagram that how to communicate between main process equipment 50 and the memory device 100.As shown in Figure 3, main process equipment 50 can be realized and use for example media player of 310() the file interface module 320 of communicating by letter with the file system 330 of main process equipment.Using 310 generally includes: graphical user interface (GUI) is used for the content file that user selection is expected; And use and drill existing engine, be used for drilling existing content file (such as played songs, movie etc.).File interface module 320 comprises: use fetch interface 322, it receives the order of self-application 310; Decryption engine, it is according to the content file of encrypting pattern deciphering arrival; And operating system file interface 326, be used for communicating by letter with the file system 330 of main process equipment.Main process equipment 50 is also realized for the memory device block drive 340 of communicating by letter with memory device 100.Preferably, use 310 and file interface module 320 compile by this way: carry out safely content in file interface module 320 and use transmission between 310.In one embodiment, file interface module 320 is implemented as software module on the controller 160 that operates in main process equipment to avoid need changing the firmware of main process equipment.
In operation, use 310 and call file interface module 320, and File Open, files that file interface module 320 is used 310 requests read and the file write operation.Memory device 100 usefulness come the message file of index stores in memory device 100 to seek suitable encryption key and to encrypt pattern and come partly encrypted content file with reference to ID.Memory device 100 sends to main process equipment 100 with the content file of Partial encryption with message file, so that main process equipment 50 can find encryption key and encrypt pattern based on reference ID.Perhaps, memory device 100 can only send encryption key and encrypt pattern to main process equipment 100.Under arbitrary situation, the relevant portion of file interface module 320 decrypt content files and it is delivered to is used on 310, uses there to drill existing engine 3 14 and drill existing content file.
In summary, in this example, memory device 100 is by according to the part of encrypting this content file by the sector of the fixed qty in each bunch of the encryption pattern of reference ID reference and encryption keys content file, can be based on the session key that creates during mutual authentication processing with reference to ID.Memory device 100 sends to main process equipment 50 with the content file of Partial encryption with message file, so that main process equipment 50 can the mark encryption key and the part of the encryption of pattern and decrypt content files.Main process equipment 50 can realize the file interface module with the read and write order that intercepts and captures self-application, safely obtain reference in message file encryption key, and determine which of content file of this part deciphering partly needs decrypted.As mentioned above,---not being whole content file---so because main process equipment 50 only needs to decipher the part of encrypted content file, main process equipment 50 can be deciphered this content file, even it does not have the processing power of the version that deciphering encrypts fully.This also carries to memory device 100 and has supplied added value, because content is unique to the encryption key of memory device 100 and safe storage to each memory device by localization.
In above example, being used for partly, the encryption pattern of encrypted content file is stored in memory device 100 during manufacture.In another embodiment, main process equipment 50 and memory device 100 are configured to dynamically produce the encrypt/decrypt pattern.In this embodiment, main process equipment 50 and memory device 100 both have pseudorandom number generator.During authentication processing, random seed value is created by memory device 100 and is sent to safely main process equipment 50.Main process equipment 50 sends to memory device 100 with random count value and uses this random count value to create " at random " value with the pseudorandom number generator by memory device.(perhaps, memory device 100 also can send to random count value main process equipment 50.) memory device 100 then send the instruction content file which partly with encrypted and will with which pattern with reference to secret key encryption.Fig. 4 illustrate wherein will to bunch in the example pattern that is encrypted of each sector.Each is shown as A, B and C with reference to key in Fig. 4.Should be noted that one of these keys can be the sky keys, in the case, the part of content file will be with plain text from memory device 100 transmission.
Preferably exchange the value with reference to key in the secure communication channel between the application in operating in main frame 50 and the memory device 100.Produce in random number in the situation of the pattern that does not satisfy predetermined distribution, can produce new value.Memory device 100 can be configured to produce random count value or only move to next pseudo random number.For example, pre-conditionedly can be: the 5th, the minimum number of the sector of encrypting, the 5th, the maximum quantity of the sector of cryptographically not transmitting, and at least three sectors must send as ciphertext.
Many replacements that existence can be used with these embodiment.For example, in above embodiment, the some parts of content file is encrypted, and makes other remainders be in the plain text form.In another embodiment, not to make all remainders of content file all be in the plain text form, with at least some of the remainder of at least one other this content file of secret key encryption.For example, consider wherein to come with two encryption keys the situation of encrypted content file.Although (in this example, use two encryption keys, should be appreciated that, can use unnecessary two encryption keys.) embodiment described above is such, will come with the first encryption key the some parts of encrypted content file.But, replace making all remainders be in the plain text form, will use at least some of the second secret key encryption remainder.By with the different part of different encryption keys, this embodiment can be used for allowing to be subjected to the limited playback of content of digital copyright management (DRM) protection.Particularly, the main frame of not understanding DRM can use the part of an encryption key (for example from the playback account on the memory device) access content files, but need to visit other parts from (for example from the DRM service account on the memory device) at least one other key of DRM service.
Conclusion
More than detailed description be intended to be understood to the explanation of the selected form that can take the present invention, rather than limitation of the invention.Only following claim, comprise that all equivalents are intended to limit the scope of claimed invention.At last, any aspect that should be noted that any preferred embodiment described here can be used separately or the combination with one another use.

Claims (28)

1. method that is used for providing to main process equipment the content file of Partial encryption, the method comprises:
In the memory device with storer of having stored content file, carry out following operation:
Obtain this content file from storer;
Come this content file of Partial encryption by the some parts of encrypting this content file;
The content file of Partial encryption is sent to main process equipment with this memory device communication; And
Which part of the content file of this Partial encryption of notice main process equipment is encrypted.
2. the method for claim 1, wherein the remainder of this content file is the form of plain text, and the maximum quantity of the quantity of the part of the encrypted content file part that operates to decipher less than main process equipment wherein.
3. method as claimed in claim 2, the maximum quantity of wherein said part is predetermined.
4. method as claimed in claim 2 is wherein determined the maximum quantity of described part based on the main process equipment identifier by memory device.
5. the method for claim 1, wherein said content file comprises a plurality of bunches, each bunch comprises a plurality of sectors separately, and the content file that wherein creates Partial encryption by encrypting some sectors in each described a plurality of bunches bunch rather than all sectors.
6. the method for claim 1, wherein said storer are also stored the message file that a plurality of encryption patterns and encryption key are associated with each identifier, and wherein the method also comprises:
Receive identifier; And
Use this identifier from this message file mark encryption pattern and encryption key;
Wherein use encryption pattern and this content file of encryption key Partial encryption of sign.
7. method as claimed in claim 6, wherein said message file is stored in the privately owned subregion of described storer.
8. method as claimed in claim 6, wherein said identifier is based on the session key of setting up between main process equipment and memory device.
9. method as claimed in claim 6 wherein notifies which part of the content file of described this Partial encryption of main process equipment to send this message file encrypted comprising to main process equipment.
10. the method for claim 1 is wherein used the described content file of static encryption pattern Partial encryption.
11. the method for claim 1 is wherein used the described content file of encryption pattern Partial encryption of Dynamic Generation.
12. method as claimed in claim 11 is wherein from the random value that is produced by described memory device and the encryption pattern that produces this Dynamic Generation from the random value that main process equipment receives.
13. the method for claim 1 also comprises at least some remainders with at least one other described content file of encryption keys.
14. method as claimed in claim 13, wherein said at least one other encryption key is associated with digital copyright management (DRM) service.
15. a memory device comprises:
Interface is configured to communicate by letter with main process equipment;
Storer; And
Controller, with described interface and described memory communication, wherein said controller is configured to:
Obtain content file from described storer;
Come this content file of Partial encryption by the some parts of encrypting this content file;
The content file of Partial encryption is sent to main process equipment; And
Which part of the content file of this Partial encryption of notice main process equipment is encrypted.
16. memory device as claimed in claim 15, the wherein maximum quantity of the quantity of the part of the encrypted content file part that operates to decipher less than main process equipment.
17. memory device as claimed in claim 16, the maximum quantity of wherein said part is predetermined.
18. memory device as claimed in claim 16 is wherein determined the maximum quantity of described part based on the main process equipment identifier by memory device.
19. memory device as claimed in claim 15, wherein said content file comprises a plurality of bunches, each bunch comprises a plurality of sectors separately, and the content file that wherein creates Partial encryption by encrypting some sectors in each described a plurality of bunches bunch rather than all sectors.
20. memory device as claimed in claim 15, wherein said storer are also stored the message file that a plurality of encryption patterns and encryption key are associated with identifier, and wherein said controller also operate with:
Receive identifier; And
Use this identifier from this message file mark encryption pattern and encryption key;
Wherein use encryption pattern and this content file of encryption key Partial encryption of sign.
21. memory device as claimed in claim 20, wherein said message file are stored in the privately owned subregion of described storer.
22. memory device as claimed in claim 20, wherein said identifier is based on the session key of setting up between main process equipment and memory device.
23. memory device as claimed in claim 20, wherein said controller also are configured to notify which part of content file of described this Partial encryption of main process equipment encrypted by send this message file to main process equipment.
24. memory device as claimed in claim 15 wherein uses the described content file of static encryption pattern Partial encryption.
25. memory device as claimed in claim 15 wherein uses the described content file of encryption pattern Partial encryption of Dynamic Generation.
26. memory device as claimed in claim 25 is wherein from the random value that is produced by described memory device and the encryption pattern that produces this Dynamic Generation from the random value that main process equipment receives.
27. memory device as claimed in claim 15 is wherein with at least some remainders of at least one other described content file of encryption keys.
28. memory device as claimed in claim 27, wherein said at least one other encryption key is associated with digital copyright management (DRM) service.
CN201180034715.3A 2010-07-14 2011-06-15 Storage device and the method for the content file of Partial encryption are provided to main process equipment Active CN103003824B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US12/836,049 US8972723B2 (en) 2010-07-14 2010-07-14 Storage device and method for providing a partially-encrypted content file to a host device
US12/836,049 2010-07-14
PCT/US2011/040510 WO2012009092A1 (en) 2010-07-14 2011-06-15 Storage device and method for providing a partially-encrypted content file to a host device

Publications (2)

Publication Number Publication Date
CN103003824A true CN103003824A (en) 2013-03-27
CN103003824B CN103003824B (en) 2016-08-17

Family

ID=44358159

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201180034715.3A Active CN103003824B (en) 2010-07-14 2011-06-15 Storage device and the method for the content file of Partial encryption are provided to main process equipment

Country Status (6)

Country Link
US (1) US8972723B2 (en)
EP (1) EP2593895A1 (en)
KR (1) KR20130129170A (en)
CN (1) CN103003824B (en)
TW (1) TW201209632A (en)
WO (1) WO2012009092A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103218580A (en) * 2013-03-28 2013-07-24 安徽励图信息科技股份有限公司 USB (universal serial bus) isolating equipment and isolating method thereof
CN104615944A (en) * 2015-01-09 2015-05-13 天脉聚源(北京)科技有限公司 Method and device for encrypting and decrypting files
WO2016206485A1 (en) * 2015-06-24 2016-12-29 腾讯科技(深圳)有限公司 Multimedia file processing method and apparatus
WO2016206457A1 (en) * 2015-06-24 2016-12-29 腾讯科技(深圳)有限公司 Method and apparatus for processing multimedia file
CN107086041A (en) * 2017-03-27 2017-08-22 竹间智能科技(上海)有限公司 Speech emotional analysis method and device based on computations
CN109117670A (en) * 2018-08-16 2019-01-01 海南新软软件有限公司 A kind of realization shear plate data encryption and decryption method, apparatus and hardware device
CN110929302A (en) * 2019-10-31 2020-03-27 东南大学 Data security encryption storage method and storage device

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2657845A1 (en) * 2012-04-25 2013-10-30 Siemens Aktiengesellschaft Method for changing data when requesting data from a physical storage device by a reception unit
US8930623B2 (en) * 2012-06-26 2015-01-06 Transcend Information, Inc. Method of securing data in storage device and storage device thereof
US10057400B1 (en) 2012-11-02 2018-08-21 Majen Tech, LLC Lock screen interface for a mobile device apparatus
US11431834B1 (en) 2013-01-10 2022-08-30 Majen Tech, LLC Screen interface for a mobile device apparatus
US10051103B1 (en) 2013-01-10 2018-08-14 Majen Tech, LLC Screen interface for a mobile device apparatus
WO2014143843A1 (en) 2013-03-15 2014-09-18 Bodhi Technology Ventures Llc Controlling wireless device access to host device functionality
EP2973571B1 (en) 2013-03-15 2020-04-22 Intel Corporation A memory system
WO2014143814A1 (en) * 2013-03-15 2014-09-18 Bodhi Technology Ventures Llc Facilitating a secure session between paired devices
WO2015132446A1 (en) * 2014-03-04 2015-09-11 Nokia Technologies Oy Method and apparatus for secured information storage
US10511580B2 (en) 2014-03-31 2019-12-17 Monticello Enterprises LLC System and method for providing a social media shopping experience
US11080777B2 (en) 2014-03-31 2021-08-03 Monticello Enterprises LLC System and method for providing a social media shopping experience
US11282131B2 (en) 2014-03-31 2022-03-22 Monticello Enterprises LLC User device enabling access to payment information in response to user input
US10726472B2 (en) 2014-03-31 2020-07-28 Monticello Enterprises LLC System and method for providing simplified in-store, product-based and rental payment processes
US9400977B2 (en) 2014-05-29 2016-07-26 Apple Inc. User device enabling access to payment information in response to mechanical input detection
ITUB20159567A1 (en) * 2015-12-18 2017-06-18 Hermes Comm S R L S METHOD OF PROTECTION OF MULTIMEDIA FILES FROM COPY AND UNAUTHORIZED DISTRIBUTION AND ASSOCIATED MULTIMEDIA FILES.
US11063915B1 (en) * 2017-03-24 2021-07-13 Amazon Technologies, Inc. Cluster of network-attachable storage devices with cluster manifest
WO2018207029A1 (en) 2017-05-09 2018-11-15 Matthew Fagan Quotation machine and system, and production systems estimating cost for, and fulfilling, orders for non-existing steel parts
TWI647569B (en) * 2017-12-15 2019-01-11 宇瞻科技股份有限公司 Touch disk partition control system and method
US11258772B2 (en) * 2018-06-19 2022-02-22 Cypress Semiconductor Corporation Secured communication from within non-volatile memory device
RU2714097C2 (en) * 2018-07-11 2020-02-11 Общество с ограниченной ответственностью "СИТРОНИКС СМАРТ ТЕХНОЛОГИИ" Method of confirming objects origin legality

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5999622A (en) * 1995-11-22 1999-12-07 Microsoft Corporation Method and apparatus for protecting widely distributed digital information
US20030231767A1 (en) * 2002-04-12 2003-12-18 Hewlett-Packard Development Company, L.P. Efficient encryption of image data
US20060059351A1 (en) * 2004-09-16 2006-03-16 Samsung Electronics Co., Ltd. Method and apparatus for searching for rights objects stored in portable storage device using object identifier
CN1830030A (en) * 2003-08-01 2006-09-06 皇家飞利浦电子股份有限公司 Record carrier comprising encryption indication information
CN101040275A (en) * 2004-10-12 2007-09-19 韩国情报通信大学校产学协力团 Contents encryption method, system and method for providing contents through network using the encryption method

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6598161B1 (en) * 1999-08-09 2003-07-22 International Business Machines Corporation Methods, systems and computer program products for multi-level encryption
US6976166B2 (en) * 2001-02-06 2005-12-13 Hewlett-Packard Development Company, L.P. Method and apparatus for partial encryption of content
US7295673B2 (en) 2002-10-23 2007-11-13 Divx, Inc. Method and system for securing compressed digital video
US20070083467A1 (en) * 2005-10-10 2007-04-12 Apple Computer, Inc. Partial encryption techniques for media data
JP4816025B2 (en) * 2005-11-22 2011-11-16 富士ゼロックス株式会社 Information management system
US20080250251A1 (en) 2007-04-04 2008-10-09 Cyberlink Corp. Systems and Methods for Hardware Driven Program Execution
US20090146822A1 (en) * 2007-11-13 2009-06-11 Elevate Technologies Pty Ltd. Telemedicine Application for Remote Monitoring, Viewing and Updating of Patient Records
US8327051B2 (en) 2007-11-20 2012-12-04 Sandisk Technologies Inc. Portable handheld memory card and methods for use therewith
US20090150631A1 (en) 2007-12-06 2009-06-11 Clifton Labs, Inc. Self-protecting storage device
US8209551B2 (en) * 2008-02-15 2012-06-26 Intel Corporation Security for RAID systems
US20100287382A1 (en) * 2009-05-07 2010-11-11 John Charles Gyorffy Two-factor graphical password for text password and encryption key generation
US8542823B1 (en) * 2009-06-18 2013-09-24 Amazon Technologies, Inc. Partial file encryption
US9135471B2 (en) * 2010-03-10 2015-09-15 Dell Products L.P. System and method for encryption and decryption of data

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5999622A (en) * 1995-11-22 1999-12-07 Microsoft Corporation Method and apparatus for protecting widely distributed digital information
US20030231767A1 (en) * 2002-04-12 2003-12-18 Hewlett-Packard Development Company, L.P. Efficient encryption of image data
CN1830030A (en) * 2003-08-01 2006-09-06 皇家飞利浦电子股份有限公司 Record carrier comprising encryption indication information
US20060059351A1 (en) * 2004-09-16 2006-03-16 Samsung Electronics Co., Ltd. Method and apparatus for searching for rights objects stored in portable storage device using object identifier
CN101040275A (en) * 2004-10-12 2007-09-19 韩国情报通信大学校产学协力团 Contents encryption method, system and method for providing contents through network using the encryption method

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103218580A (en) * 2013-03-28 2013-07-24 安徽励图信息科技股份有限公司 USB (universal serial bus) isolating equipment and isolating method thereof
CN103218580B (en) * 2013-03-28 2016-05-25 安徽励图信息科技股份有限公司 A kind of USB xegregating unit and partition method thereof
CN104615944A (en) * 2015-01-09 2015-05-13 天脉聚源(北京)科技有限公司 Method and device for encrypting and decrypting files
WO2016206485A1 (en) * 2015-06-24 2016-12-29 腾讯科技(深圳)有限公司 Multimedia file processing method and apparatus
WO2016206457A1 (en) * 2015-06-24 2016-12-29 腾讯科技(深圳)有限公司 Method and apparatus for processing multimedia file
US10609430B2 (en) 2015-06-24 2020-03-31 Tencent Technology (Shenzhen) Company Limited Method and device for processing multimedia file, and storage medium
CN107086041A (en) * 2017-03-27 2017-08-22 竹间智能科技(上海)有限公司 Speech emotional analysis method and device based on computations
CN109117670A (en) * 2018-08-16 2019-01-01 海南新软软件有限公司 A kind of realization shear plate data encryption and decryption method, apparatus and hardware device
CN110929302A (en) * 2019-10-31 2020-03-27 东南大学 Data security encryption storage method and storage device
CN110929302B (en) * 2019-10-31 2022-08-26 东南大学 Data security encryption storage method and storage device

Also Published As

Publication number Publication date
US20120017084A1 (en) 2012-01-19
WO2012009092A1 (en) 2012-01-19
TW201209632A (en) 2012-03-01
EP2593895A1 (en) 2013-05-22
US8972723B2 (en) 2015-03-03
CN103003824B (en) 2016-08-17
KR20130129170A (en) 2013-11-27

Similar Documents

Publication Publication Date Title
CN103003824A (en) Storage device and method for providing a partially-encrypted content file to a host device
CN106301774B (en) Safety chip, its encryption key generation method and encryption method
US9100187B2 (en) Authenticator
KR100503588B1 (en) Storage device including a non-volatile memory
US20180227123A1 (en) Authenticator, authenticatee and authentication method
CN1871568B (en) Program execution device
KR101536086B1 (en) Authenticator, authenticatee and authentication method
EP2267628A2 (en) Token passing technique for media playback devices
WO2011152065A1 (en) Controller, control method, computer program, program recording medium, recording apparatus, and method of manufacturing recording apparatus
CN103067170B (en) encrypting method based on EXT2 file system
CN103209176A (en) System and method for building home domain by using smart card
JP2005050320A (en) Access method
EP2073142A2 (en) Methods for authenticating a hardware device and providing a secure channel to deliver data
CN102461113B (en) Method and system for content replication control
CN108418834A (en) A kind of internet of things equipment auth method
CN101174941B (en) Off-line digital copyright protection method and device for mobile terminal document
CN102460456A (en) Memory device and method for adaptive protection of content
JP2008287488A (en) Data distributing and preserving unit
KR20070076848A (en) Apparatus and method for improving the security level in a card authentication system
KR101146509B1 (en) Internet banking transaction system and the method that use maintenance of public security card to be mobile
JP2008306685A (en) Security information setting system, master terminal thereof, general terminal, and program
WO2020022353A1 (en) Apparatus and method for managing secret information, and program therefor
JP2015014839A (en) Information processing system
JP2006148668A (en) Utilization frequency limitation information transfer system, and utilization frequency limitation information transfer program
JP2015125533A (en) Information processing system, communication device, and storage device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: texas

Applicant after: DELPHI INT OPERATIONS LUX SRL

Address before: texas

Applicant before: Sandisk Corp.

COR Change of bibliographic data
C14 Grant of patent or utility model
GR01 Patent grant